management (DRM) system to prevent CD copying.

Rootkits, tools or programs used to mask software or network intrusions, are typically used only by malicious hackers. Sony and First 4 Internet Ltd., its British technology partner, have responded to the criticism with an update that claims to remove the technology from users' PCs, but some fear Sony's move may trigger a variety of dangerous exploits.

"This service pack removes the cloaking technology component that has been recently discussed in a number of articles...," Sony said on its Web site. "This component is not malicious and does not compromise security. However, to alleviate any concerns that users may have… this update has been released to enable users to remove this component from their computers."

Regardless, experts worry that if more companies use the technology the way Sony has, hackers could hijack such rootkits and cause all kinds of trouble.

"This creates opportunities for virus writers," said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. "These rootkits can be exploited by any malware, and when it's used this way, it's harder for firms like ours to distinguish the malicious from the legitimate."

Kaspersky Lab of Russia voiced similar concern on its Web site. "Using rootkit technology is an extremely dubious technique, and the poor coding of this particular example also raised our eyebrows," the firm said. "Not only will this software slow down your computer, it can also lead to system instability. We'd hate to see the use of rootkits becoming a habit among mainstream software manufacturers, when there are so many security and ethical arguments against such use."

Hypponen said the Sony rootkit was reported to F-Secure by someone who thought it was a virus. "We thought so too until we dug further," he said. "With these rootkits embedded in computers, it could become tougher to clean infected machines in the future."

While Sony is the focus of controversy right now, he said other companies may be making similar use of rootkits unbeknownst to the public, further muddying the waters for AV firms trying to tell the good from the bad.

This is especially troubling because attackers are increasingly using worms, Trojan horses and other malcode to install rootkits on infected machines, he said. The latest example is a worm that spreads through AOL Instant Messenger (AIM) and leaves rootkits in its wake.

W32.Sdbot-ADD downloads a "lockx.exe" rootkit that connects to an IRC server and waits for remote commands from an attacker, according to Chris Boyd, security research manager with Foster City, Calif.-based FaceTime Security Labs, a division of FaceTime Communications Inc. The worm could also change the viewer's search page to http://www.eza1netsearch.com/sp2.php and download applications from the likes of 180Solutions Inc., its subsidiary Zango, MaxSearch, Media Gateway and SearchMiracle. Security firms often classify such applications as spyware or adware.

"If I were an attacker and I was already planning to drop my own rootkit, I probably wouldn't use another existing one," Boyd said. But he agreed with Hypponen that rootkits like the one Sony uses could be altered by attackers for a variety of exploits. "There's always the possibility of them injecting something into an application and hijacking it for their own purposes," he said.

If a company finds it necessary to use rootkits, Hypponen said, it should make its intentions clearer to the user, through simply worded user-license agreements or through other means.
